PDA

View Full Version : Google Re-direct Infection



elnino550
2010-03-17, 14:51
Hello,

I have acquired the browser re-direct bug in Firefox. I have Malwarebytes and Hijack This installed but have not ran them since the re-direction has been occuring. I'm using WIndows XP on a TOSHIBA Satellite M-35-S320.

Please help before the infection spreads,

Matthew

ken545
2010-03-20, 17:05
Hello Matthew

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.



Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

elnino550
2010-03-24, 06:29
Results from RSIT

INFO.TXT

info.txt logfile of random's system information tool 1.06 2010-03-23 22:28:24

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{B5D8CCBF-08D8-46C0-8B04-3BC0CAEDA094}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AIM 7-->C:\Program Files\AIM7\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
Amazon MP3 Downloader 1.0.9-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Audacity 1.2.6-->"C:\Audacity\unins000.exe"
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour Core for Windows-->MsiExec.exe /I{56DF5C9E-6392-46D3-B366-297B14E1DAAF}
CD Sheet Music V2-->C:\WINDOWS\CD Sheet Music V2 Uninstaller.exe
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Chessmaster 9000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ubi Soft\Chessmaster 9000\CM9kUninst.isu"
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Drag'n Drop CD+DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Fast Track USB-->C:\Program Files\InstallShield Installation Information\{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
hp deskjet 3500-->MsiExec.exe /X{C7EC0699-D82C-4451-B701-C98C330D43AF}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wireless-->MsiExec.exe /I{5380063E-2909-4d72-BFA3-625881F2E78B}
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod Updater 2004-11-15-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Development Kit 6 Update 18-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160180}
Kyocera USB Driver Installer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{461D92DA-0B8C-496B-B6AA-BD0614BE0867}
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works 2000 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
Microsoft Works 2000-->MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.6.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Notebook Maximizer-->C:\WINDOWS\iun506.exe C:\Program Files\Notebook Maximizer\irunin.ini
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf
PDFCreator-->E:\PDFCreator\unins000.exe
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Small Rockets Mah Jongg-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44604D06-C73F-4034-AE90-542EA494F0A4}\setup.exe"
Sonik Synth 2 Free-->C:\PROGRA~1\SONIKS~1\UNWISE.EXE C:\PROGRA~1\SONIKS~1\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Program Files\Spy-bot - Search & Destroyy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\Spyware--Blaster\unins000.exe"
SurfHere by Toshiba-->MsiExec.exe /X{A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TOSHIBA Access-->C:\PROGRA~1\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\TOSHIB~1\INSTALL.LOG
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Display Devices Change Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA Fax Extension-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe"
Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\System32\TPSDel.dll"
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA TouchPad On/Off Utility V2.05.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities-->tutildel.exe
ubi.com-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VST Bridge 1.1-->"C:\Program Files\Audacity\Plug-Ins\VST Bridge\unins000.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Word in Works Suite add-in-->MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
YouSendIt Express-->"C:\Program Files\InstallShield Installation Information\{8C8224B7-AA9B-4807-97CD-55899BAC83FE}\setup.exe" -runfromtemp -l0x0409 -removeonly
YouSendIt Express-->MsiExec.exe /X{8C8224B7-AA9B-4807-97CD-55899BAC83FE}

======Security center information======

AV: AVG 7.5.549 (outdated)

======System event log======

Computer Name: MATT
Event Code: 7023
Message: The Automatic Updates service terminated with the following error:
The specified module could not be found.


Record Number: 2144
Source Name: Service Control Manager
Time Written: 20100122171843.000000-480
Event Type: error
User:

Computer Name: MATT
Event Code: 10010
Message: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Record Number: 2140
Source Name: DCOM
Time Written: 20100122064302.000000-480
Event Type: error
User: MATT\Matt 1

Computer Name: MATT
Event Code: 7023
Message: The Automatic Updates service terminated with the following error:
The specified module could not be found.


Record Number: 2139
Source Name: Service Control Manager
Time Written: 20100122064232.000000-480
Event Type: error
User:

Computer Name: MATT
Event Code: 10010
Message: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Record Number: 2135
Source Name: DCOM
Time Written: 20100121182536.000000-480
Event Type: error
User: MATT\Matt 1

Computer Name: MATT
Event Code: 7023
Message: The Automatic Updates service terminated with the following error:
The specified module could not be found.


Record Number: 2134
Source Name: Service Control Manager
Time Written: 20100121182506.000000-480
Event Type: error
User:

=====Application event log=====

Computer Name: MATT
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3188, faulting module radhslib.dll, version 0.0.0.0, fault address 0x00003b6f.

Record Number: 12635
Source Name: Application Error
Time Written: 20081017090035.000000-420
Event Type: error
User:

Computer Name: MATT
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3188, faulting module radhslib.dll, version 0.0.0.0, fault address 0x00003b6f.

Record Number: 12634
Source Name: Application Error
Time Written: 20081016204453.000000-420
Event Type: error
User:

Computer Name: MATT
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3188, faulting module radhslib.dll, version 0.0.0.0, fault address 0x00003b6f.

Record Number: 12633
Source Name: Application Error
Time Written: 20081016102937.000000-420
Event Type: error
User:

Computer Name: MATT
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 12630
Source Name: Microsoft Fax
Time Written: 20081015230738.000000-420
Event Type: warning
User:

Computer Name: MATT
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 12629
Source Name: Microsoft Fax
Time Written: 20081015230738.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=3.0.5.001
"SESSIONID"=1133135944464htx6060e6da1e:107d429bb56:205b
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\MATT1~1\LOCALS~1\Temp\rad65C0C.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0

-----------------EOF-----------------



LOG.TXT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matt 1 at 2010-03-23 22:28:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (32%) free of 57 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:21 PM, on 2010-03-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Documents and Settings\Matt 1\Local Settings\Application Data\ave.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt 1\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Matt 1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF8547.exe" /c "C:\Combo-Fix\C.bat"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6656 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPY-BO~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-03-16 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-16 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2003-04-15 258048]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-09-24 4861952]
"nwiz"=nwiz.exe /installquiet []
"SigmaTel StacMon"=C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe [2003-08-03 86073]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-01-02 172032]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-04-18 88363]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-05-30 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-05-30 614400]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-21 126976]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-07-18 73728]
"TFncKy"=TFncKy.exe []
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2003-09-25 278528]
"Pinger"=C:\TOSHIBA\IVP\ISM\pinger.exe [2005-03-17 151552]
"PRONoMgr.exe"=c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-04-09 185784]
"wrna3ls"=C:\Program Files\rnamfler\naomf.exe [2006-04-01 1253448]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"combofix"=C:\WINDOWS\system32\CF8547.exe /c C:\Combo-Fix\C.bat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\Ivp\NetInt\netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Ubi Soft\Chessmaster 9000\Chessmaster.exe"="C:\Program Files\Ubi Soft\Chessmaster 9000\Chessmaster.exe:*:Enabled:Chessmaster 9000"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\1171828283\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1171828283\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\AIM7\aim.exe"="C:\Program Files\AIM7\aim.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\Matt 1\Desktop\utorrent.exe"="C:\Documents and Settings\Matt 1\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-23 22:28:00 ----DC---- C:\rsit
2010-03-23 21:31:17 ----ASH---- C:\Documents and Settings\All Users\Application Data\MSASCui.exe
2010-03-23 21:31:17 ----ASH---- C:\Documents and Settings\All Users\Application Data\ave.exe
2010-03-23 21:31:17 ----ASH---- C:\Documents and Settings\All Users\Application Data\av.exe
2010-03-23 07:17:39 ----SDC---- C:\Combo-Fix
2010-03-16 20:44:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-16 20:43:42 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-16 20:43:42 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-16 20:43:42 ----A---- C:\WINDOWS\system32\java.exe
2010-03-14 16:23:34 ----D---- C:\Documents and Settings\All Users\Application Data\Real

======List of files/folders modified in the last 1 months======

2010-03-23 21:48:57 ----D---- C:\WINDOWS\Prefetch
2010-03-23 21:48:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-23 21:33:33 ----D---- C:\WINDOWS\temp
2010-03-23 18:00:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-23 15:48:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-23 15:48:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-23 12:26:19 ----D---- C:\Program Files\Mozilla Firefox
2010-03-23 07:26:28 ----AD---- C:\WINDOWS
2010-03-23 07:26:21 ----AD---- C:\WINDOWS\system32
2010-03-23 07:20:21 ----D---- C:\WINDOWS\system32\drivers
2010-03-23 07:19:31 ----RHD---- C:\Program Files\rnamfler
2010-03-23 07:19:30 ----DC---- C:\Qoobox
2010-03-16 21:05:12 ----DC---- C:\Config.Msi
2010-03-16 21:05:01 ----AD---- C:\Program Files
2010-03-16 21:04:31 ----SHD---- C:\WINDOWS\Installer
2010-03-16 21:02:20 ----D---- C:\Program Files\Java
2010-03-16 20:45:05 ----D---- C:\Program Files\Common Files\Java
2010-03-16 20:43:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-16 20:13:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-25 22:47:03 ----D---- C:\Documents and Settings\Matt 1\Application Data\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-11-26 4224]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-06-09 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-10-19 8413]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-06-08 14037]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-09-15 11258]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-09-24 1370764]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2003-07-17 230416]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-05-30 271728]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-14 25888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-02 1646720]
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-26 821856]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-11-26 27776]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-12-20 1164576]
S3 AR5211;Atheros AR5001 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2003-08-28 323296]
S3 catchme;catchme; \??\C:\DOCUME~1\MATT1~1\LOCALS~1\Temp\catchme.sys []
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\MATT1~1\LOCALS~1\Temp\ewdmaudn.sys []
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM); C:\WINDOWS\system32\DRIVERS\mausbft.sys [2007-11-13 132096]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 15143]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-04-19 14464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-03-27 2379776]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-11-26 49664]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2003-12-02 28672]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-16 153376]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-09-24 77824]
R2 RdnaoFlSvc;RdnaoFlSvc; C:\Program Files\rnamfler\naofsvc.exe [2006-04-01 55296]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-12-16 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-12-16 311363]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe [2004-05-13 53248]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-11-26 418816]
S2 FastTrackInstallerService;M-Audio Fast Track Installer; C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

ken545
2010-03-24, 10:45
Hi,

uTorrent <--File sharing is become the latest avenue of attack by malware writers, your downloading that file from an unknown source and most contain malicious software, in the clean up procedure we will add it to the least, if you do not agree than we cant go any further because basically its a waste of our time if you keep using P2P programs and come back infected again.

C:\Combo-Fix <--You ran Combofix on your own, not a good idea , its a very powerful tool and should only be run with supervision, this forum, myself and sUbs will not be responsible if you run it on your own and damage your system, reason being is a few weeks ago there was a bug ( since been fixed ) that deleted legit windows files ( did you know that ? ) so when you have an infected computer its best to just leave it be and post for help.

C:\Combo-Fix <--Go here and post the log for me to see

elnino550
2010-03-26, 17:12
Thank you for the advice about Combo-fix and Utorrent.

Now, do you want me to run combofix and post the results? I wasnt clear on your last reply

still have google-redirection but nothing worse yet

ken545
2010-03-26, 17:37
Hi,

You already ran Combofix and you can find the log here C:\ComboFix.txt

Copy and Paste it into this thread for me to see.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.

http://i24.photobucket.com/albums/c30/ken545/Atribune.jpg
Thank You Atribune






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please



Post the Combofix log and the Malwarebytes log please

elnino550
2010-03-26, 21:00
Combo-Fix Logfile

ComboFix 09-09-17.04 - Matt 1 2009-12-15 22:05.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.288 [GMT -8:00]
Running from: c:\documents and settings\Matt 1\Desktop\Combo-Fix.exe
AV: AVG 7.5.549 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
- REDUCED FUNCTIONALITY MODE -
.
The following files were disabled during the run:
c:\program files\rnamfler\radprlib.dll
c:\program files\rnamfler\radhslib.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\rnamfler\radhslib.dll
c:\program files\rnamfler\radprlib.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-16 to 2009-12-16 )))))))))))))))))))))))))))))))
.

2009-12-14 01:52 . 2009-12-14 01:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-29 20:01 . 2009-11-29 20:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-27 23:12 . 2009-11-28 16:27 -------- d-----w- c:\documents and settings\Matt 1\Local Settings\Application Data\SecondLife

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-16 06:01 . 2007-10-13 10:18 -------- d--h--r- c:\program files\rnamfler
2009-12-14 01:51 . 2004-02-07 00:31 -------- d-----w- c:\program files\Java
2009-12-07 17:24 . 2009-08-24 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-27 23:12 . 2009-02-09 17:04 -------- d-----w- c:\documents and settings\Matt 1\Application Data\SecondLife
2009-11-12 04:43 . 2004-06-08 17:04 36256 -c--a-w- c:\documents and settings\Matt 1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:46 . 2004-08-24 03:32 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-02-06 22:08 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-02-06 22:09 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-02-06 22:09 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-02-06 22:09 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-18_02.50.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 02:41 . 2009-07-12 02:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-12-16 06:08 . 2009-12-16 06:08 16384 c:\windows\temp\Perflib_Perfdata_6b8.dat
+ 2005-05-26 11:16 . 2009-08-07 02:24 44768 c:\windows\system32\wups2.dll
+ 2004-10-20 05:55 . 2009-08-07 02:24 35552 c:\windows\system32\wups.dll
+ 2004-02-06 23:45 . 2009-08-07 02:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-02-06 22:10 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2004-02-06 22:10 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
- 2004-11-12 03:58 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2004-11-12 03:58 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2009-09-20 19:17 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2006-12-08 00:16 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2006-12-08 00:16 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2009-10-27 00:18 . 2009-08-07 02:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-27 00:18 . 2009-08-07 02:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-02-06 22:09 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
- 2004-02-06 22:09 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 43544 c:\windows\system32\PresentationHostProxy.dll
- 2004-02-06 22:09 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
+ 2004-02-06 22:09 . 2009-10-29 07:46 44544 c:\windows\system32\pngfilt.dll
+ 2004-02-06 22:09 . 2009-12-16 00:51 80334 c:\windows\system32\perfc009.dat
- 2007-10-24 08:47 . 2007-10-24 08:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2007-08-14 02:54 . 2009-10-29 07:46 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 02:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 83968 c:\windows\system32\mscories.dll
+ 2004-02-06 22:09 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2007-11-21 04:57 . 2009-09-20 18:32 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-11-21 04:57 . 2009-06-05 01:12 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-02-06 22:09 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
+ 2004-02-06 22:09 . 2009-10-29 07:46 27648 c:\windows\system32\jsproxy.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 97800 c:\windows\system32\infocardapi.dll
+ 2007-08-14 02:39 . 2009-10-28 14:36 13824 c:\windows\system32\ieudinit.exe
- 2007-08-14 02:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
+ 2004-02-06 22:08 . 2009-10-29 07:46 44544 c:\windows\system32\iernonce.dll
- 2004-02-06 22:08 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
- 2004-02-06 22:08 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
+ 2004-02-06 22:08 . 2009-10-28 14:36 70656 c:\windows\system32\ie4uinit.exe
+ 2008-07-30 02:24 . 2008-07-30 02:24 11264 c:\windows\system32\icardres.dll
+ 2007-08-14 02:36 . 2009-10-29 07:46 63488 c:\windows\system32\icardie.dll
- 2007-08-14 02:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2004-02-06 22:08 . 2009-07-29 04:37 81920 c:\windows\system32\fontsub.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 73720 c:\windows\system32\dxva2.dll
+ 2004-02-06 22:09 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2004-10-20 05:55 . 2009-08-07 02:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-02-06 23:45 . 2009-08-07 02:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-02-06 22:10 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\ssstars.scr
+ 2004-02-06 22:10 . 2008-04-14 00:12 47104 c:\windows\system32\dllcache\ssmypics.scr
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2006-05-10 05:23 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-05-10 05:23 . 2009-10-29 07:46 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2008-02-18 02:17 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-02-18 02:17 . 2009-10-29 07:46 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2004-02-06 22:09 . 2009-10-29 07:46 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-02-06 22:09 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-02-18 02:17 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-02-18 02:17 . 2009-10-28 14:36 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-02-06 22:08 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-02-06 22:08 . 2009-10-29 07:46 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-02-20 18:09 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 18:09 . 2009-10-29 07:46 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 02:39 . 2009-10-28 14:36 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-14 02:39 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-02-06 23:48 . 2003-03-31 12:00 61440 c:\windows\system32\dllcache\icwres.dll
- 2008-02-18 02:17 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-02-18 02:17 . 2009-10-29 07:46 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
+ 2009-06-29 16:12 . 2009-10-29 07:46 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-02-06 22:08 . 2009-08-07 02:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 96760 c:\windows\system32\dfshim.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 96760 c:\windows\system32\dfshim.dll
+ 2004-02-06 22:08 . 2009-08-07 02:24 96480 c:\windows\system32\cdm.dll
+ 2004-02-06 22:07 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
- 2004-02-06 22:07 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2004-02-06 22:07 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
- 2004-02-06 22:07 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 02:32 . 2008-07-30 02:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-10-24 08:47 . 2007-10-24 08:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2009-06-25 02:56 . 2009-06-25 02:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 03:58 . 2007-04-14 03:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 07:49 . 2008-05-28 07:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 07:49 . 2008-05-28 07:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 07:49 . 2008-05-28 07:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 04:30 . 2007-04-14 04:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 08:30 . 2008-05-28 08:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 c:\windows\Installer\9981d44.msp
+ 2009-09-20 19:15 . 2009-09-20 19:15 88576 c:\windows\Installer\991c514.msi
+ 2009-11-29 20:01 . 2009-11-29 20:01 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-10-11 03:15 . 2009-10-11 03:15 53248 c:\windows\Installer\{8C8224B7-AA9B-4807-97CD-55899BAC83FE}\ARPPRODUCTICON.exe
+ 2009-12-13 20:06 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2009-12-13 20:06 . 2009-08-28 10:28 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2009-12-13 20:06 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 78336 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2009-12-13 20:06 . 2009-08-28 10:28 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2009-12-13 20:06 . 2009-08-29 07:36 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 17408 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-18 19:07 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-18 19:07 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-18 19:07 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-18 19:07 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-09-20 19:07 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-09-20 19:07 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-09-20 19:07 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-09-20 19:07 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-09-20 19:07 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2008-03-28 23:12 . 2009-10-09 01:54 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
- 2008-03-28 23:12 . 2008-03-28 23:12 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-10-18 19:05 . 2009-10-18 19:05 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0277797d\System.Drawing.Design.dll
+ 2009-10-18 19:05 . 2009-10-18 19:05 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e808c957\CustomMarshalers.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-18 19:23 . 2009-10-18 19:23 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-18 19:22 . 2009-10-18 19:22 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-18 19:30 . 2009-10-18 19:30 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-18 19:29 . 2009-10-18 19:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-10-18 19:16 . 2009-10-18 19:16 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-10-18 19:16 . 2009-10-18 19:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-09-20 19:18 . 2009-09-20 19:18 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-04-13 17:48 . 2008-04-13 17:48 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-04-13 17:48 . 2008-04-13 17:48 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-04-13 17:48 . 2008-04-13 17:48 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-18 19:06 . 2008-04-14 00:11 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
+ 2009-09-20 19:06 . 2008-04-14 00:11 58880 c:\windows\$NtUninstallKB973507$\atl.dll
+ 2009-09-20 19:30 . 2008-04-14 00:11 84992 c:\windows\$NtUninstallKB971557$\avifil32.dll
+ 2009-09-20 19:01 . 2008-10-23 10:06 62976 c:\windows\$NtUninstallKB970653-v3$\tzchange.exe
+ 2009-09-20 19:01 . 2009-07-16 04:14 14336 c:\windows\$NtUninstallKB970653-v3$\spuninst\tzchange.dll
+ 2009-10-18 19:02 . 2008-04-14 00:12 49152 c:\windows\$NtUninstallKB968389$\wdigest.dll
+ 2009-10-18 19:02 . 2009-02-03 19:59 56832 c:\windows\$NtUninstallKB968389$\secur32.dll
+ 2009-10-18 19:02 . 2008-04-13 18:31 92288 c:\windows\$NtUninstallKB968389$\ksecdd.sys
+ 2009-09-20 19:31 . 2008-04-14 00:11 80896 c:\windows\$NtUninstallKB961371-v2$\fontsub.dll
+ 2009-09-20 19:36 . 2008-04-14 00:12 75776 c:\windows\$NtUninstallKB960859$\telnet.exe
+ 2009-11-15 20:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976749-IE7\update\spcustom.dll
+ 2009-11-15 20:06 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976749-IE7\spmsg.dll
+ 2009-10-18 19:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2009-10-18 19:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2009-10-18 19:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2009-10-18 19:06 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2009-10-18 19:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974455-IE7\update\spcustom.dll
+ 2009-10-18 19:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974455-IE7\spmsg.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\pngfilt.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 52224 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeedsbs.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 27648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\jsproxy.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 13824 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieudinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 44544 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iernonce.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 78336 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieencode.dll
+ 2009-08-28 10:01 . 2009-08-28 10:01 70656 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ie4uinit.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 63488 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\icardie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 17408 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\corpol.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973869\update\spcustom.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973869\spmsg.dll
+ 2009-09-20 19:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2009-09-20 19:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
+ 2009-09-20 19:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2009-09-20 19:06 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2009-09-20 19:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973354\update\spcustom.dll
+ 2009-09-20 19:06 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973354\spmsg.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll
+ 2009-09-20 19:07 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972260-IE7\update\spcustom.dll
+ 2009-09-20 19:07 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972260-IE7\spmsg.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\pngfilt.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 52224 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeedsbs.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 27648 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\jsproxy.dll
+ 2009-06-29 11:25 . 2009-06-29 11:25 13824 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieudinit.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iernonce.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 78336 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieencode.dll
+ 2009-06-29 11:25 . 2009-06-29 11:25 70656 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ie4uinit.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 63488 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\icardie.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 17408 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\corpol.dll
+ 2009-09-20 19:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971961\update\spcustom.dll
+ 2009-09-20 19:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971961\spmsg.dll
+ 2009-09-20 19:31 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2009-09-20 19:31 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971557\update\spcustom.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971557\spmsg.dll
+ 2009-06-10 14:01 . 2009-06-10 14:01 84992 c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll
+ 2009-11-15 20:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2009-11-15 20:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2009-10-18 19:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2009-10-18 19:08 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2009-10-18 19:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2009-10-18 19:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2009-09-20 19:31 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB961371-v2\update\spcustom.dll
+ 2009-09-20 19:31 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB961371-v2\spmsg.dll
+ 2009-07-29 04:30 . 2009-07-29 04:30 81920 c:\windows\$hf_mig$\KB961371-v2\SP3QFE\fontsub.dll
+ 2009-09-20 19:36 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2009-09-20 19:36 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-12 12:03 . 2009-06-12 12:03 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-12 12:03 . 2009-06-12 12:03 76288 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2009-09-20 19:09 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2009-09-20 19:09 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956744\update\spcustom.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956744\spmsg.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2004-02-06 22:09 . 2008-04-14 00:12 9216 c:\windows\system32\dllcache\scrnsave.scr
+ 2004-02-06 23:48 . 2003-03-31 12:00 6656 c:\windows\system32\dllcache\hcappres.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2007-10-24 08:47 . 2007-10-24 08:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2009-09-20 19:20 . 2009-09-20 19:20 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2008-04-13 17:48 . 2008-04-13 17:48 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-04-13 17:47 . 2008-04-13 17:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 04:23 . 2007-11-07 04:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-30 04:26 . 2008-07-30 04:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2009-09-20 19:17 . 2008-07-06 12:06 575488 c:\windows\system32\xpsshhdr.dll
+ 2004-10-20 05:55 . 2009-08-07 02:24 209632 c:\windows\system32\wuweb.dll
+ 2004-10-20 05:55 . 2009-08-07 02:24 327896 c:\windows\system32\wucltui.dll
+ 2004-10-20 05:55 . 2009-08-07 02:23 575704 c:\windows\system32\wuapi.dll
+ 2004-02-07 01:02 . 2009-04-02 06:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-02-07 01:03 . 2009-07-14 06:43 286208 c:\windows\system32\wmpdxm.dll
- 2004-02-06 22:10 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2004-02-06 22:10 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
+ 2004-10-20 06:02 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2004-02-06 22:10 . 2009-10-29 07:46 233472 c:\windows\system32\webcheck.dll
- 2004-02-06 22:10 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
- 2004-02-06 22:10 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
+ 2004-02-06 22:10 . 2009-10-29 07:46 105984 c:\windows\system32\url.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2004-02-06 22:10 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll
+ 2004-02-06 22:10 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2004-02-06 22:10 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-09-20 19:17 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2009-09-20 19:17 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2004-02-06 22:09 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2006-08-24 23:15 . 2006-08-24 23:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 117760 c:\windows\system32\prntvpt.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-30 03:35 . 2008-07-30 03:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2004-02-06 22:09 . 2009-12-16 00:51 462554 c:\windows\system32\perfh009.dat
- 2004-02-06 22:09 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
+ 2004-02-06 22:09 . 2009-10-29 07:46 102912 c:\windows\system32\occache.dll
+ 2009-05-30 05:17 . 2009-08-07 02:23 215920 c:\windows\system32\muweb.dll
+ 2009-05-30 05:17 . 2009-08-07 02:23 274288 c:\windows\system32\mucltui.dll
+ 2002-12-12 08:14 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2004-02-06 22:09 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
- 2004-02-06 22:09 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
+ 2004-02-06 22:09 . 2009-10-29 07:46 671232 c:\windows\system32\mstime.dll
- 2004-02-06 22:09 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
+ 2004-02-06 22:09 . 2009-10-29 07:46 193024 c:\windows\system32\msrating.dll
- 2004-02-06 22:09 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
+ 2004-02-06 22:09 . 2009-10-29 07:46 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-14 02:54 . 2009-10-29 07:46 459264 c:\windows\system32\msfeeds.dll
- 2007-08-14 02:54 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 158720 c:\windows\system32\mscorier.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 158720 c:\windows\system32\mscorier.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 282112 c:\windows\system32\mscoree.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 282112 c:\windows\system32\mscoree.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-02-06 22:09 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-02-06 22:09 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2003-01-13 22:57 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
- 2003-01-13 22:57 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2009-12-14 01:52 . 2009-12-14 01:51 149280 c:\windows\system32\javaws.exe
+ 2009-12-14 01:52 . 2009-12-14 01:51 145184 c:\windows\system32\javaw.exe
+ 2009-12-14 01:52 . 2009-12-14 01:51 145184 c:\windows\system32\java.exe
- 2007-08-14 02:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
+ 2007-08-14 02:34 . 2009-10-29 07:46 268288 c:\windows\system32\iertutil.dll
+ 2004-02-06 22:08 . 2009-10-29 07:46 385024 c:\windows

elnino550
2010-03-26, 21:01
continued

\system32\iedkcs32.dll
- 2004-02-06 22:08 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 20:27 . 2009-10-29 07:46 380928 c:\windows\system32\ieapfltr.dll
- 2004-02-06 22:08 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
+ 2004-02-06 22:08 . 2009-10-28 06:52 161792 c:\windows\system32\ieakui.dll
- 2004-02-06 22:08 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
+ 2004-02-06 22:08 . 2009-10-29 07:46 230400 c:\windows\system32\ieaksie.dll
+ 2004-02-06 22:08 . 2009-10-29 07:46 153088 c:\windows\system32\ieakeng.dll
- 2004-02-06 22:08 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 622080 c:\windows\system32\icardagt.exe
+ 2004-02-06 15:40 . 2009-11-15 22:55 166712 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 07:56 . 2009-10-29 07:46 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 07:56 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 493048 c:\windows\system32\evr.dll
+ 2004-02-06 22:08 . 2009-10-29 07:46 214528 c:\windows\system32\dxtrans.dll
- 2004-02-06 22:08 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
- 2004-02-06 22:08 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2004-02-06 22:08 . 2009-10-29 07:46 347136 c:\windows\system32\dxtmsft.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 575488 c:\windows\system32\dllcache\xpsshhdr.dll
+ 2004-10-20 05:55 . 2009-08-07 02:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-10-20 05:55 . 2009-08-07 02:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-10-20 05:55 . 2009-08-07 02:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-02-07 01:02 . 2009-04-02 06:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-02-07 01:03 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-05-10 05:23 . 2009-10-29 07:46 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
- 2007-08-14 02:54 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-14 02:54 . 2009-10-29 07:46 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-14 02:44 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-14 02:44 . 2009-10-29 07:46 105984 c:\windows\system32\dllcache\url.dll
+ 2004-02-06 23:47 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
- 2004-02-06 23:47 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
- 2004-02-06 22:10 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-02-06 22:10 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-02-06 22:10 . 2008-04-14 00:12 679936 c:\windows\system32\dllcache\sstext3d.scr
+ 2004-02-06 22:10 . 2008-04-14 00:12 610304 c:\windows\system32\dllcache\sspipes.scr
+ 2004-02-06 22:10 . 2008-04-14 00:12 393216 c:\windows\system32\dllcache\ssflwbox.scr
+ 2004-02-06 22:10 . 2008-04-14 00:12 704512 c:\windows
\system32\dllcache\ss3dfo.scr
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2004-02-06 23:46 . 2003-03-31 12:00 753236 c:\windows\system32\dllcache\rvseres.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2009-09-20 19:17 . 2008-07-06 10:50 597504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
+ 2007-08-14 02:44 . 2009-10-29 07:46 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 02:44 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2004-02-06 22:09 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-02-06 22:09 . 2009-10-29 07:46 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:23 . 2009-10-29 07:46 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-02-06 23:48 . 2008-04-14 00:11 376832 c:\windows\system32\dllcache\msinfo.dll
+ 2006-05-10 05:23 . 2009-10-29 07:46 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:23 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-02-18 02:17 . 2009-10-29 07:46 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-02-18 02:17 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2002-11-20 20:22 . 2008-04-14 00:12 245248 c:\windows\system32\dllcache\migwiz.exe
+ 2009-04-17 02:27 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-14 02:43 . 2009-10-28 06:54 634632 c:\windows\system32\dllcache\iexplore.exe
- 2008-02-18 02:17 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-02-18 02:17 . 2009-10-29 07:46 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-14 02:39 . 2009-10-29 07:46 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-14 02:39 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-02-18 02:17 . 2009-10-29 07:46 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-02-06 22:08 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-02-06 22:08 . 2009-10-28 06:52 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-02-06 22:08 . 2009-10-29 07:46 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-02-06 22:08 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-02-06 22:08 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-02-06 22:08 . 2009-10-29 07:46 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows
\system32\dllcache\http.sys
+ 2004-08-04 07:56 . 2009-10-29 07:46 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 07:56 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:22 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-10-29 07:46 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-10-29 07:46 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:22 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-02-06 23:46 . 2003-03-31 12:00 780885 c:\windows\system32\dllcache\chkrres.dll
+ 2007-08-14 02:39 . 2009-10-29 07:46 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-14 02:39 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-02-06 22:07 . 2009-10-29 07:46 124928 c:\windows\system32\advpack.dll
- 2004-02-06 22:07 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-30 01:47 . 2008-07-30 01:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-30 01:47 . 2008-07-30 01:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 06:15 . 2008-07-30 06:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 06:40 . 2008-07-30 06:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 03:35 . 2008-07-30 03:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 11:59 . 2008-11-25 11:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2009-08-08 06:51 . 2009-08-08 06:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2007-04-14 03:58 . 2007-04-14 03:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 07:49 . 2008-05-28 07:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 03:56 . 2007-04-14 03:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 07:48 . 2008-05-28 07:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 08:30 . 2008-05-28 08:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 04:30 . 2007-04-14 04:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-12-13 16:58 . 2008-12-13 16:58 754688 c:\windows\Installer\99a0857.msp
+ 2009-09-20 19:20 . 2009-09-20 19:20 648192 c:\windows\Installer\99a0834.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 c:\windows\Installer\9981d4d.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 c:\windows\Installer\9981d4b.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 c:\windows\Installer\9981d49.msp
+ 2009-09-20 19:19 . 2009-09-20 19:19 137728 c:\windows\Installer\9981d43.msi
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 c:\windows\Installer\991c519.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 c:\windows\Installer\991c517.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 c:\windows\Installer\991c516.msp
+ 2009-09-20 19:04 . 2009-09-20 19:04 248832 c:\windows\Installer\98c0fda.msi
+ 2009-11-29 20:01 . 2009-11-29 20:01 429568 c:\windows\Installer\47798114.msi
+ 2009-03-20 18:48 . 2009-03-20 18:48 183808 c:\windows\Installer\42fe0dd.msp
+ 2009-10-11 03:15 . 2009-10-11 03:15 547328 c:\windows\Installer\1fc72d07.msi
+ 2009-10-09 01:53 . 2009-10-09 01:53 122880 c:\windows\Installer\152fbae7.msi
+ 2009-12-14 01:51 . 2009-12-14 01:51 537600 c:\windows\Installer\12b02a8.msi
+ 2009-11-15 20:06 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-15 20:06 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2009-12-13 20:06 . 2009-08-29 07:36 832512 c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 233472 c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 105984 c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2009-12-13 20:06 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2009-12-13 20:06 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2009-12-13 20:06 . 2009-08-29 07:36 102912 c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 671232 c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 193024 c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 477696 c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 459264 c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2009-12-13 20:06 . 2009-08-27 05:18 634648 c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2009-12-13 20:06 . 2009-08-29 07:36 268288 c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 385024 c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 380928 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2009-12-13 20:06 . 2009-08-27 05:18 161792 c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 230400 c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 153088 c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 133120 c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 214528 c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 347136 c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 124928 c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-18 19:07 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-18 19:07 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-18 19:07 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-18 19:07 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-18 19:07 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-18 19:07 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-09-20 19:07 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-09-20 19:07 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-09-20 19:07 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-09-20 19:07 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-09-20 19:07 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-09-20 19:07 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-09-20 19:17 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-10-18 19:06 . 2009-10-18 19:06 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a723369e\System.Drawing.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f79c6e4e\System.Drawing.Design.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_796a2444\CustomMarshalers.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-18 19:25 . 2009-10-18 19:25 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-18 19:34 . 2009-10-18 19:34 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-18 19:30 . 2009-10-18 19:30 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-18 19:30 . 2009-10-18 19:30 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-18 19:31 . 2009-10-18 19:31 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-18 19:24 . 2009-10-18 19:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-18 19:24 . 2009-10-18 19:24 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-18 19:23 . 2009-10-18 19:23 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-18 19:24 . 2009-10-18 19:24 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-18 19:30 . 2009-10-18 19:30 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-18 19:30 . 2009-10-18 19:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-18 19:30 . 2009-10-18 19:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-10-18 19:16 . 2009-10-18 19:16 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-04-13 17:48 . 2008-04-13 17:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-18 19:16 . 2009-10-18 19:16 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-09-20 19:29 . 2009-09-20 19:29 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-09-20 19:29 . 2009-09-20 19:29 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2008-04-13 17:47 . 2008-04-13 17:47 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2008-04-13 17:47 . 2008-04-13 17:47 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-04-13 17:48 . 2008-04-13 17:48 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-10-18 19:18 . 2009-10-18 19:18 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-18 19:18 . 2009-10-18 19:18 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-09-20 19:29 . 2009-09-20 19:29 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-09-20 19:29 . 2009-09-20 19:29 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
- 2008-04-13 17:47 . 2008-04-13 17:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-04-13 17:49 . 2008-04-13 17:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-04-13 17:50 . 2008-04-13 17:50 348160 c:\windows

elnino550
2010-03-26, 21:03
\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
- 2008-04-13 17:47 . 2008-04-13 17:47 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-18 19:16 . 2009-10-18 19:16 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
+ 2009-10-18 19:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
+ 2009-10-18 19:03 . 2009-06-25 08:25 136192 c:\windows\$NtUninstallKB975467$\msv1_0.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
+ 2009-10-18 19:06 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2009-10-18 19:06 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2009-10-18 19:08 . 2008-10-03 10:02 247326 c:\windows\$NtUninstallKB974112$\strmdll.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
+ 2009-09-20 19:08 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973869$\spuninst\updspapi.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe
+ 2009-09-20 19:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973815$\spuninst\updspapi.dll
+ 2009-09-20 19:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe
+ 2009-09-20 19:05 . 2008-04-14 00:12 203776 c:\windows\$NtUninstallKB973815$\mswebdvd.dll
+ 2009-09-20 19:05 . 2006-10-19 05:47 314880 c:\windows\$NtUninstallKB973540_WM9$\wmpdxm.dll
+ 2009-09-20 19:05 . 2007-07-27 17:41 382840 c:\windows\$NtUninstallKB973540_WM9$\spuninst\updspapi.dll
+ 2009-09-20 19:05 . 2007-07-27 17:41 231288 c:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe
+ 2009-10-18 19:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
+ 2009-09-20 19:06 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973507$\spuninst\updspapi.dll
+ 2009-09-20 19:06 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe
+ 2009-09-20 19:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973354$\spuninst\updspapi.dll
+ 2009-09-20 19:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe
+ 2009-09-20 19:30 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe
+ 2009-09-20 19:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971961$\spuninst\updspapi.dll
+ 2009-09-20 19:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe
+ 2009-09-20 19:04 . 2008-05-09 10:53 512000 c:\windows\$NtUninstallKB971961$\jscript.dll
+ 2009-09-20 19:31 . 2008-04-14 00:12 132096 c:\windows\$NtUninstallKB971657$\wkssvc.dll
+ 2009-09-20 19:31 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971657$\spuninst\updspapi.dll
+ 2009-09-20 19:31 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe
+ 2009-09-20 19:08 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe
+ 2009-09-20 19:30 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971557$\spuninst\updspapi.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe
+ 2009-10-18 19:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
+ 2009-09-20 19:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-09-20 19:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-11-15 20:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2009-11-15 20:02 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2009-10-18 19:08 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2009-10-18 19:08 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2009-09-20 19:31 . 2007-07-27 17:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-20 19:31 . 2007-07-27 17:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-10-18 19:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB968389$\spuninst\updspapi.dll
+ 2009-10-18 19:02 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe
+ 2009-10-18 19:02 . 2008-12-05 06:54 144896 c:\windows\$NtUninstallKB968389$\schannel.dll
+ 2009-10-18 19:02 . 2008-04-14 00:12 132608 c:\windows\$NtUninstallKB968389$\msv1_0.dll
+ 2009-10-18 19:02 . 2009-02-09 12:10 729088 c:\windows\$NtUninstallKB968389$\lsasrv.dll
+ 2009-10-18 19:02 . 2008-04-14 00:11 299520 c:\windows\$NtUninstallKB968389$\kerberos.dll
+ 2009-09-20 19:31 . 2008-04-14 00:12 117760 c:\windows\$NtUninstallKB961371-v2$\t2embed.dll
+ 2009-09-20 19:31 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB961371-v2$\spuninst\updspapi.dll
+ 2009-09-20 19:31 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB961371-v2$\spuninst\spuninst.exe
+ 2009-09-21 18:44 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB961118$\spuninst\updspapi.dll
+ 2009-09-21 18:44 . 2007-11-30 11:18 231288 c:\windows\$NtUninstallKB961118$\spuninst\spuninst.exe
+ 2009-09-20 19:36 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB960859$\spuninst\updspapi.dll
+ 2009-09-20 19:36 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe
+ 2009-10-18 19:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
+ 2009-10-18 19:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
+ 2009-09-20 19:08 . 2008-04-14 00:12 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2009-09-20 19:30 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956744$\spuninst\updspapi.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe
+ 2009-10-18 19:08 . 2006-10-19 05:47 603648 c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
+ 2009-10-18 19:08 . 2007-07-27 17:41 382840 c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
+ 2009-10-18 19:08 . 2007-07-27 17:41 231288 c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
+ 2009-11-15 20:06 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976749-IE7\update\updspapi.dll
+ 2009-11-15 20:06 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976749-IE7\update\update.exe
+ 2009-11-15 20:06 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976749-IE7\spuninst.exe
+ 2009-10-18 19:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975467\update\update.exe
+ 2009-10-18 19:03 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975467\spuninst.exe
+ 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2009-10-18 19:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2009-10-18 19:06 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2009-10-18 19:06 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2009-10-18 19:06 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2009-10-18 19:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455-IE7\update\updspapi.dll
+ 2009-10-18 19:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974455-IE7\update\update.exe
+ 2009-10-18 19:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974455-IE7\spuninst.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 840704 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 233472 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\webcheck.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 105984 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\url.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 102912 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\occache.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 671232 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mstime.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 193024 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msrating.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 477696 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtmled.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 459264 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\msfeeds.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 634648 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe
+ 2009-08-29 07:31 . 2009-08-29 07:31 268288 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iertutil.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 388608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iedkcs32.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 380928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dll
+ 2009-08-27 05:18 . 2009-08-27 05:18 161792 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakui.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 230400 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieaksie.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 153088 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieakeng.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 132608 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\extmgr.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 214528 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtrans.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 347136 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\dxtmsft.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 124928 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\advpack.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2009-10-18 19:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973869\update\updspapi.dll
+ 2009-09-20 19:08 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973869\update\update.exe
+ 2009-09-20 19:08 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973869\spuninst.exe
+ 2009-09-20 19:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973815\update\updspapi.dll
+ 2009-09-20 19:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973815\update\update.exe
+ 2009-09-20 19:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973815\spuninst.exe
+ 2009-08-05 08:52 . 2009-08-05 08:52 204800 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
+ 2009-10-18 19:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
+ 2009-09-20 19:06 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2009-09-20 19:06 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2009-09-20 19:06 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2009-09-20 19:06 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973354\update\updspapi.dll
+ 2009-09-20 19:06 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973354\update\update.exe
+ 2009-09-20 19:06 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973354\spuninst.exe
+ 2009-09-20 19:30 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973346\update\updspapi.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973346\update\update.exe
+ 2009-09-20 19:30 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973346\spuninst.exe
+ 2009-09-20 19:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260-IE7\update\updspapi.dll
+ 2009-09-20 19:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE7\update\update.exe
+ 2009-09-20 19:07 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972260-IE7\spuninst.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 828928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 233472 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\webcheck.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 105984 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\url.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 102912 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\occache.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 671232 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mstime.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 193024 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msrating.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 477696 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtmled.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 459264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeeds.dll
+ 2009-06-29 07:25 . 2009-06-29 07:25 634632 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 268288 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iertutil.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 388608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iedkcs32.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 380928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dll
+ 2009-06-29 07:23 . 2009-06-29 07:23 161792 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakui.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 230400 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieaksie.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 153088 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakeng.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 132608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\extmgr.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 214528 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtrans.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 347136 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtmsft.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 124928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\advpack.dll
+ 2009-09-20 19:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2009-09-20 19:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2009-09-20 19:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2009-09-19 05:25 . 2009-08-13 15:02 512000 c:\windows\$hf_mig$\KB971961\SP3QFE\jscript.dll
+ 2009-09-20 19:31 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971657\update\updspapi.dll
+ 2009-09-20 19:31 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971657\update\update.exe
+ 2009-09-20 19:31 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971657\spuninst.exe
+ 2009-06-10 06:17 . 2009-06-10 06:17 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
+ 2009-09-20 19:08 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
+ 2009-09-20 19:08 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB971633\update\update.exe
+ 2009-09-20 19:08 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe
+ 2009-09-20 19:30 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971557\update\updspapi.dll
+ 2009-09-20 19:30 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971557\update\update.exe
+ 2009-09-20 19:30 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971557\spuninst.exe
+ 2009-10-18 19:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll
+ 2009-10-18 19:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe
+ 2009-10-18 19:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe
+ 2009-11-15 20:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2009-11-15 20:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2009-11-15 20:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2009-10-18 19:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2009-10-18 19:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2009-10-18 19:08 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2009-10-18 19:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2009-10-18 19:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2009-10-18 19:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 08:41 . 2009-06-25 08:41 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 09:41 . 2009-06-26 09:41 730112 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2009-09-20 19:31 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371-v2\update\updspapi.dll
+ 2009-09-20 19:31 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371-v2\update\update.exe
+ 2009-09-20 19:31 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB961371-v2\spuninst.exe
+ 2009-07-29 04:30 . 2009-07-29 04:30 119808 c:\windows\$hf_mig$\KB961371-v2\SP3QFE\t2embed.dll
+ 2009-09-20 19:36 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB960859\update\updspapi.dll
+ 2009-09-20 19:36 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB960859\update\update.exe
+ 2009-09-20 19:36 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB960859\spuninst.exe
+ 2009-09-20 19:09 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-09-20 19:09 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-09-20 19:09 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-09-19 05:28 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2009-09-20 19:30 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956744\update\updspapi.dll
+ 2009-09-20 19:30 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB956744\update\update.exe
+ 2009-09-20 19:30 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956744\spuninst.exe
+ 2009-10-15 01:58 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 1676288 c:\windows\system32\xpssvcs.dll
+ 2004-02-06 23:45 . 2009-08-07 02:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-02-07 01:02 . 2009-05-20 11:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-02-07 01:02 . 2008-06-18 13:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-02-06 22:10 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-09-24 00:08 . 2009-10-29 07:46 1168384 c:\windows\system32\urlmon.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-09-20 19:17 . 2008-07-07 00:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-09-20 19:17 . 2008-07-07 00:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-09-20 19:17 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
- 2004-02-06 22:09 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2004-02-06 22:09 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
+ 2003-05-30 17:00 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll
+ 2004-02-06 22:09 . 2009-08-05 03:44 2189184 c:\windows\system32\ntoskrnl.exe
- 2002-08-29 01:04 . 2009-02-08 02:02 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2002-08-29 01:04 . 2009-08-04 14:20 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-05 01:10 . 2009-07-31 18:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 08:05 . 2009-07-21 08:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-02-06 22:09 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-02-06 23:45 . 2009-06-10 16:19 2066432 c:\windows\system32\mstscax.dll
+ 2004-09-29 07:57 . 2009-10-29 07:46 3598336 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-14 02:54 . 2009-10-29 07:46 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-13 00:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2009-09-20 19:17 . 2008-07-06 12:06 1676288 c:\windows\system32\dllcache\xpssvcs.dll
+ 2004-02-06 23:45 . 2009-08-07 02:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2004-02-07 01:02 . 2008-06-18 13:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-02-07 01:02 . 2009-05-20 11:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-16 03:40 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:23 . 2009-10-29 07:46 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-02-06 23:46 . 2003-03-31 12:00 2178131 c:\windows\system32\dllcache\shvlres.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-16 03:42 . 2009-08-05 03:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 03:42 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 03:42 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 03:42 . 2009-02-08 02:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 03:42 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 03:42 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 03:42 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-09-05 01:10 . 2009-07-31 18:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-12 06:47 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-02-06 23:45 . 2009-06-10 16:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2003-03-03 23:57 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-05-19 15:08 . 2009-10-29 07:46 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2008-02-18 02:17 . 2009-10-29 07:46 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-02-18 02:17 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2004-02-06 23:46 . 2003-03-31 12:00 1175635 c:\windows\system32\dllcache\hrtzres.dll
+ 2004-02-06 23:46 . 2003-03-31 12:00 1817687 c:\windows\system32\dllcache\bckgres.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-30 01:47 . 2008-07-30 01:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-06 02:35 . 2008-12-06 02:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-06 03:12 . 2008-12-06 03:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 11:59 . 2008-11-25 11:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2009-08-08 06:51 . 2009-08-08 06:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 06:51 . 2009-08-08 06:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2007-04-14 04:35 . 2007-04-14 04:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 08:35 . 2008-05-28 08:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 08:35 . 2008-05-28 08:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 04:35 . 2007-04-14 04:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 07:48 . 2008-05-28 07:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 07:48 . 2008-05-28 07:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 03:50 . 2007-04-14 03:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 07:43 . 2008-05-28 07:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-12-13 16:57 . 2008-12-13 16:57 8397824 c:\windows\Installer\99a0842.msp
+ 2008-07-30 02:26 . 2008-07-30 02:26 1043456 c:\windows\Installer\9981d4c.msp
+ 2008-07-30 03:37 . 2008-07-30 03:37 2679808 c:\windows\Installer\9981d4a.msp
+ 2008-07-30 04:15 . 2008-07-30 04:15 3697664 c:\windows\Installer\9981d48.msp
+ 2008-07-30 02:34 . 2008-07-30 02:34 1448448 c:\windows\Installer\9981d47.msp
+ 2008-07-30 03:22 . 2008-07-30 03:22 4137984 c:\windows\Installer\9981d46.msp
+ 2008-07-30 02:18 . 2008-07-30 02:18 3376640 c:\windows\Installer\9981d45.msp
+ 2008-07-30 00:45 . 2008-07-30 00:45 2543616 c:\windows\Installer\991c51d.msp
+ 2008-07-30 00:29 . 2008-07-30 00:29 2926080 c:\windows\Installer\991c51c.msp
+ 2008-07-30 00:41 . 2008-07-30 00:41 6487040 c:\windows\Installer\991c51b.msp
+ 2008-07-30 00:39 . 2008-07-30 00:39 3403264 c:\windows\Installer\991c51a.msp
+ 2008-07-30 00:43 . 2008-07-30 00:43 1013248 c:\windows\Installer\991c518.msp
+ 2008-07-30 00:31 . 2008-07-30 00:31 6083072 c:\windows

elnino550
2010-03-26, 21:03
\Installer\991c515.msp
+ 2009-11-15 20:06 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 1168384 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-13 20:06 . 2009-10-21 04:08 3598336 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-13 20:06 . 2009-08-29 07:36 6067200 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2009-10-18 19:07 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-18 19:07 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-18 19:07 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-09-20 19:07 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-09-20 19:07 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-09-20 19:07 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2008-10-16 03:42 . 2009-08-05 03:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 03:42 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 03:42 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 03:42 . 2009-02-08 02:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 03:42 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 03:42 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-16 03:42 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-11 03:14 . 2009-10-11 03:14 1556480 c:\windows\Downloaded Installations\{E814FC4A-5278-4300-A0DA-49F927B081D7}\YouSendIt Express.msi
+ 2009-10-18 19:05 . 2009-10-18 19:05 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cb878001\System.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_898cd34d\System.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b3cc0d1b\System.Xml.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_773fb733\System.Xml.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ba74c870\System.Windows.Forms.dll
+ 2009-10-18 19:05 . 2009-10-18 19:05 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_567e1b0a\System.Windows.Forms.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b4a5884b\System.Drawing.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e1ad18ec\System.Design.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_80a84f84\System.Design.dll
+ 2009-10-18 19:07 . 2009-10-18 19:07 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dedc9e08\mscorlib.dll
+ 2009-10-18 19:06 . 2009-10-18 19:06 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_67f4e2c3\mscorlib.dll
+ 2009-10-18 19:22 . 2009-10-18 19:22 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-09-20 19:23 . 2009-09-20 19:23 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12B8.tmp\PresentationBuildTasks.dll
+ 2009-10-18 19:22 . 2009-10-18 19:22 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-18 19:34 . 2009-10-18 19:34 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-18 19:34 . 2009-10-18 19:34 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-18 19:34 . 2009-10-18 19:34 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-18 19:34 . 2009-10-18 19:34 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-18 19:30 . 2009-10-18 19:30 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-18 19:30 . 2009-10-18 19:30 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-18 19:25 . 2009-10-18 19:25 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-18 19:24 . 2009-10-18 19:24 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-18 19:24 . 2009-10-18 19:24 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-18 19:32 . 2009-10-18 19:32 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-18 19:24 . 2009-10-18 19:24 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-18 19:24 . 2009-10-18 19:24 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-18 19:24 . 2009-10-18 19:24 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-18 19:22 . 2009-10-18 19:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-18 19:30 . 2009-10-18 19:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-18 19:31 . 2009-10-18 19:31 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-10-18 19:18 . 2009-10-18 19:18 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-18 19:18 . 2009-10-18 19:18 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-10-18 19:16 . 2009-10-18 19:16 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-09-20 19:29 . 2009-09-20 19:29 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-09-20 19:28 . 2009-09-20 19:28 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-10-18 19:16 . 2009-10-18 19:16 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-09-20 19:20 . 2009-09-20 19:20 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-09-20 19:28 . 2009-09-20 19:28 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-10-18 19:16 . 2009-10-18 19:16 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-09-20 19:18 . 2009-09-20 19:18 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-10-18 19:17 . 2009-10-18 19:17 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-08-26 06:23 . 2007-08-26 06:23 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-18 19:05 . 2009-10-18 19:05 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-08-26 06:23 . 2007-08-26 06:23 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-18 19:05 . 2009-10-18 19:05 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-09-20 19:05 . 2008-04-14 00:12 1314816 c:\windows\$NtUninstallKB973354$\msoe.dll
+ 2009-09-20 19:08 . 2008-12-20 22:14 1288192 c:\windows\$NtUninstallKB971633$\quartz.dll
+ 2009-10-18 19:03 . 2009-02-06 11:08 2189056 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2009-10-18 19:03 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
+ 2009-10-18 19:03 . 2009-02-08 02:02 2066048 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2009-10-18 19:03 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
+ 2009-11-15 20:02 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2009-10-18 19:08 . 2008-04-14 00:12 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2009-09-20 19:31 . 2008-06-18 13:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2009-09-20 19:30 . 2008-04-14 00:11 2061824 c:\windows\$NtUninstallKB956744$\mstscax.dll
+ 2009-10-21 03:59 . 2009-10-21 03:59 3602432 c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 1170944 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\urlmon.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 3600384 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 6070784 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieframe.dll
+ 2009-10-15 01:59 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dat
+ 2009-07-11 01:54 . 2009-07-11 01:54 1315328 c:\windows\$hf_mig$\KB973354\SP3QFE\msoe.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 1163264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\urlmon.dll
+ 2009-07-19 13:31 . 2009-07-19 13:31 3600384 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
+ 2009-07-19 13:31 . 2009-07-19 13:31 6070784 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieframe.dll
+ 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dat
+ 2009-06-03 19:12 . 2009-06-03 19:12 1291264 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll
+ 2009-10-15 01:57 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
+ 2009-10-15 01:57 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
+ 2009-08-05 01:47 . 2009-08-05 01:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
+ 2009-10-15 01:57 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
+ 2009-08-14 12:19 . 2009-08-14 12:19 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2009-09-19 05:28 . 2009-06-09 15:21 2067968 c:\windows\$hf_mig$\KB956744\SP3QFE\lhmstscx.dll
+ 2004-02-07 01:03 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll
+ 2005-05-11 04:29 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
+ 2009-07-14 06:43 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-08-11 04:08 . 2009-08-11 04:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2008-12-13 17:21 . 2008-12-13 17:21 10473472 c:\windows\Installer\99a084c.msp
+ 2009-08-15 03:32 . 2009-08-15 03:32 11110912 c:\windows\Installer\9440e2d.msp
+ 2009-08-10 21:09 . 2009-08-10 21:09 17254912 c:\windows\Installer\9440e25.msp
+ 2009-10-18 19:25 . 2009-10-18 19:25 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-18 19:33 . 2009-10-18 19:33 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-18 19:30 . 2009-10-18 19:30 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-18 19:24 . 2009-10-18 19:25 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-18 19:23 . 2009-10-18 19:23 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-18 19:23 . 2009-10-18 19:23 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-18 19:21 . 2009-10-18 19:21 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
+ 2009-09-20 19:05 . 2008-11-12 01:34 10838016 c:\windows\$NtUninstallKB973540_WM9$\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2003-04-16 258048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-14 149280]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-25 4861952]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-04 86073]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-03 172032]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-31 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-31 614400]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-22 126976]
"Pinger"="c:\toshiba\IVP\ISM\pinger.exe" [2005-03-17 151552]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-09 185784]
"wrna3ls"="c:\program files\rnamfler\naomf.exe" [2006-04-01 1253448]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-24 24576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-09-25 323584]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2003-04-18 88363]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2003-07-19 73728]
"TFncKy"="TFncKy.exe"
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2003-09-25 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 23:49 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\Ivp\\NetInt\\netint.exe"= c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Ubi Soft\\Chessmaster 9000\\Chessmaster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1171828283\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-02-09 10112]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-10-08 24652]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 mrtRate;mrtRate; [x]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\MATT1~1\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\MATT1~1\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [2008-01-28 132096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\e2ead497-6b39-4a73-afee-7b2d7a3729ed]
c:\windows\system32\cqcccdb.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Matt 1\Application Data\Mozilla\Firefox\Profiles\wqttpak4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-15 22:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\System32\LgNotify.dll

- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\1XConfig.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-12-16 22:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-16 06:16
ComboFix2.txt 2009-09-18 04:51
ComboFix3.txt 2009-09-18 02:59
ComboFix4.txt 2009-03-02 05:57

Pre-Run: 19,972,861,952 bytes free
Post-Run: 19,994,968,064 bytes free

1557 --- E O F --- 2009-12-13 20:07



[B]
Malware Logfile

Malwarebytes' Anti-Malware 1.44
Database version: 3918
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-03-26 12:45:11 PM
mbam-log-2010-03-26 (12-45-11).txt

Scan type: Quick Scan
Objects scanned: 141600
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\3570694465.dll (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\avG\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\avG\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\avG\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\avG\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\Microsoft\Windows Defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\Microsoft\Windows Defender\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt 1\Local Settings\Application Data\Microsoft\Windows Defender\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.


Hijack This logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:01 PM, on 2010-03-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF8547.exe" /c "C:\Combo-Fix\C.bat"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7034 bytes

ken545
2010-03-26, 21:46
Hi,

Not once but you ran Combofix FOUR TIMES :red: The last time you ran it you did not even update it, you ran an old version. Remember my warning about damaging your system, run this on your own and we will not be responsible.


Malwarebytes found and removed some bad things :bigthumb:


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF8547.exe" /c "C:\Combo-Fix\C.bat"

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe






Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.




You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

c:\windows\system32\cqcccdb.exe <--This file

If the site is busy you can try this one

http://virusscan.jotti.org/en



How is your system running now ?

elnino550
2010-03-31, 02:37
Hello,

The fixed checked files have been removed by hijack this and Viewpoint has been uninstalled.

The file that you asked me to have looked at, c:\windows\system32\cqcccdb.exe does not exist on my computer anymore and therefore i could not submit it for review.

The machine has been running smoothly but will tell you immediately if i see any re-directs. anything else?

Thank you very much,

matt

ken545
2010-03-31, 03:54
Hello Matt,

I hope you don't think I was coming down on your for running Combofix, I have been at this for over 6 years and I like helping people like yourself and really despise the bad guys. I was just trying to make you aware of the possible damage to your system if CF is run incorrectly or at a bad time. I would hate for you to go through all the problems if CF damaged your system.

Lets do this. Use your computer for a few days and I will keep this thread open for you, post back and let me know how your doing and if you still having issues we can dig deeper

Ken :)

elnino550
2010-03-31, 05:44
Hello,

Don't worry about Combofix, I wasn't aware of those possibly negative results - Thanks again.

Computer is running fine aside from re-occuring google re-directs...=(

I removed a root-kit infection several months ago with the SF Forums and believe I had a re-direction problem prior to! But as I say...no further problems yet...What do these advertising re-directs do exactly?

Any suggestions?

ken545
2010-03-31, 12:00
You should not have redirects, your browser should take you to where you want to go.

1. What sites are you being redirected to ?
2. Does this happen with Bing or Yahoo also ?
3. What browser are you using that is redirecting you ?

elnino550
2010-04-04, 05:05
Sorry for the late response Ken -

With Firefox as my browser, I am re-directed to artificial system-sweeping sties, advertising sites, registry cleaning sites, etc. At times, these sites will open a new tab in Firefox without my doing so.

Again, no further or more serious problems but very inconvenient to have to copy+paste the link I am trying to reach rather than clicking on the link itself!

ken545
2010-04-04, 06:00
Hi,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

elnino550
2010-04-06, 00:53
Here ya go Ken,

GooredFix by jpshortstuff (08.01.10.1)
Log created at 15:53 on 05/04/2010 (Matt 1)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:31 21/11/2005]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [22:43 21/01/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [16:33 20/08/2008]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [03:43 17/03/2010]

C:\Documents and Settings\Matt 1\Application Data\Mozilla\Firefox\Profiles\wqttpak4.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [20:01 21/09/2009]
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [20:05 21/03/2007]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:20 20/09/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:43 17/03/2010]

-=E.O.F=-

ken545
2010-04-06, 02:04
Did that fix your redirects ?

elnino550
2010-04-06, 15:32
Ken,

Still have them

:sad:

ken545
2010-04-06, 16:22
Its possible there is a rootkit running in the background.

http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://i266.photobucket.com/albums/ii277/sUBs_/th_Gmer_initScan.gif (http://i266.photobucket.com/albums/ii277/sUBs_/Gmer_initScan.gif)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your next reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

elnino550
2010-04-07, 15:27
Here you are Ken,

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-07 06:19:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MATT1~1\LOCALS~1\Temp\pxtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 832A6CA1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\dropshadow_members.csv 1268 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\alpha_members.csv 1893 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\alpha_members.htm 4457 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies 0 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\play_at.csv 364 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\addAmbient_at.csv 232 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\addCone_at.csv 232 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\addPoint_at.csv 232 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\add_at.csv 336 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Alpha_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\apply_at.csv 364 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\blendTrans_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Blur_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\changeColor_at.csv 232 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\changeStrength_at.csv 232 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Chroma_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\clear_at.csv 232 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\color_at.csv 682 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\direction_at.csv 340 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\DropShadow_at.csv 1403 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\duration_at.csv 364 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\elementImage_at.csv 238 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\enabled_at.csv 2023 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\finishOpacity_at.csv 230 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\finishX_at.csv 230 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\finishY_at.csv 230 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\FlipH_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\FlipV_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\freq_at.csv 228 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\glow_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Gray_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Invert_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\lightStrength_at.csv 228 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Light_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Mask_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\moveLight_at.csv 232 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\offX_at.csv 241 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\offy_at.csv 241 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\opacity_at.csv 230 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\phase_at.csv 228 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\positive_at.csv 241 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Redirect_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\revealTrans_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Shadow_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\startX_at.csv 230 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\startY_at.csv 230 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\status_at.csv 364 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\stop_at.csv 364 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\strength_at.csv 444 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\style_at.csv 230 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\transition_at.csv 244 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\Wave_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\applies\XRay_at.csv 2987 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\blendtrans_members.csv 1154 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\blendtrans_members.htm 4340 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\blur_members.csv 1086 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\blur_members.htm 4064 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\chroma_members.csv 533 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\chroma_members.htm 3922 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\dropshadow_members.htm 4328 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\fliph_members.csv 319 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\fliph_members.htm 3826 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\flipv_members.csv 319 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\flipv_members.htm 3824 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\glow_members.csv 738 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\glow_members.htm 4017 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\gray_members.csv 319 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\gray_members.htm 3844 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\invert_members.csv 319 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\invert_members.htm 3821 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\light_members.csv 1636 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\light_members.htm 4579 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\mask_members.csv 533 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\mask_members.htm 3975 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\redirect_members.csv 732 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\redirect_members.htm 4063 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\revealtrans_members.csv 1360 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\revealtrans_members.htm 4563 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\shadow_members.csv 840 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\shadow_members.htm 4103 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\wave_members.csv 1451 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\wave_members.htm 4300 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\xray_members.csv 319 bytes
File C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Temp\HTMLREF.CHM_1033522\workshop\author\filter\reference\data\xray_members.htm 3891 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----



things are seemingly weirder on my system lately...

ken545
2010-04-07, 15:39
Hi,

It looks like your hard disk controller is infected, this is caused by the TDSS Rootkit.

This is what you need to do.


Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.


Extract the file and run it.

Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)

Please post the content of that log TDSSKiller

elnino550
2010-04-08, 03:12
Here you go,

17:43:20:573 3988 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
17:43:20:573 3988 ================================================================================
17:43:20:573 3988 SystemInfo:

17:43:20:573 3988 OS Version: 5.1.2600 ServicePack: 3.0
17:43:20:573 3988 Product type: Workstation
17:43:20:573 3988 ComputerName: MATT
17:43:20:573 3988 UserName: Matt 1
17:43:20:573 3988 Windows directory: C:\WINDOWS
17:43:20:573 3988 Processor architecture: Intel x86
17:43:20:573 3988 Number of processors: 1
17:43:20:573 3988 Page size: 0x1000
17:43:20:573 3988 Boot type: Normal boot
17:43:20:573 3988 ================================================================================
17:43:20:613 3988 UnloadDriverW: NtUnloadDriver error 2
17:43:20:613 3988 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:43:21:254 3988 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
17:43:21:254 3988 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:43:21:254 3988 wfopen_ex: Trying to KLMD file open
17:43:21:254 3988 wfopen_ex: File opened ok (Flags 2)
17:43:21:254 3988 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
17:43:21:254 3988 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:43:21:254 3988 wfopen_ex: Trying to KLMD file open
17:43:21:254 3988 wfopen_ex: File opened ok (Flags 2)
17:43:21:254 3988 Initialize success
17:43:21:254 3988
17:43:21:254 3988 Scanning Services ...
17:43:21:814 3988 Raw services enum returned 358 services
17:43:21:824 3988
17:43:21:824 3988 Scanning Kernel memory ...
17:43:21:824 3988 Devices to scan: 2
17:43:21:824 3988
17:43:21:824 3988 Driver Name: Disk
17:43:21:824 3988 IRP_MJ_CREATE : F87DBBB0
17:43:21:824 3988 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
17:43:21:824 3988 IRP_MJ_CLOSE : F87DBBB0
17:43:21:824 3988 IRP_MJ_READ : F87D5D1F
17:43:21:824 3988 IRP_MJ_WRITE : F87D5D1F
17:43:21:824 3988 IRP_MJ_QUERY_INFORMATION : 804FA87E
17:43:21:824 3988 IRP_MJ_SET_INFORMATION : 804FA87E
17:43:21:824 3988 IRP_MJ_QUERY_EA : 804FA87E
17:43:21:824 3988 IRP_MJ_SET_EA : 804FA87E
17:43:21:824 3988 IRP_MJ_FLUSH_BUFFERS : F87D62E2
17:43:21:824 3988 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
17:43:21:824 3988 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
17:43:21:824 3988 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
17:43:21:824 3988 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
17:43:21:824 3988 IRP_MJ_DEVICE_CONTROL : F87D63BB
17:43:21:824 3988 IRP_MJ_INTERNAL_DEVICE_CONTROL : F87D9F28
17:43:21:824 3988 IRP_MJ_SHUTDOWN : F87D62E2
17:43:21:824 3988 IRP_MJ_LOCK_CONTROL : 804FA87E
17:43:21:824 3988 IRP_MJ_CLEANUP : 804FA87E
17:43:21:824 3988 IRP_MJ_CREATE_MAILSLOT : 804FA87E
17:43:21:824 3988 IRP_MJ_QUERY_SECURITY : 804FA87E
17:43:21:824 3988 IRP_MJ_SET_SECURITY : 804FA87E
17:43:21:824 3988 IRP_MJ_POWER : F87D7C82
17:43:21:824 3988 IRP_MJ_SYSTEM_CONTROL : F87DC99E
17:43:21:824 3988 IRP_MJ_DEVICE_CHANGE : 804FA87E
17:43:21:824 3988 IRP_MJ_QUERY_QUOTA : 804FA87E
17:43:21:824 3988 IRP_MJ_SET_QUOTA : 804FA87E
17:43:21:965 3988 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:43:21:965 3988
17:43:21:965 3988 Driver Name: atapi
17:43:21:965 3988 IRP_MJ_CREATE : 832A6CA1
17:43:21:965 3988 IRP_MJ_CREATE_NAMED_PIPE : 832A6CA1
17:43:21:965 3988 IRP_MJ_CLOSE : 832A6CA1
17:43:21:965 3988 IRP_MJ_READ : 832A6CA1
17:43:21:965 3988 IRP_MJ_WRITE : 832A6CA1
17:43:21:965 3988 IRP_MJ_QUERY_INFORMATION : 832A6CA1
17:43:21:965 3988 IRP_MJ_SET_INFORMATION : 832A6CA1
17:43:21:965 3988 IRP_MJ_QUERY_EA : 832A6CA1
17:43:21:965 3988 IRP_MJ_SET_EA : 832A6CA1
17:43:21:965 3988 IRP_MJ_FLUSH_BUFFERS : 832A6CA1
17:43:21:965 3988 IRP_MJ_QUERY_VOLUME_INFORMATION : 832A6CA1
17:43:21:965 3988 IRP_MJ_SET_VOLUME_INFORMATION : 832A6CA1
17:43:21:965 3988 IRP_MJ_DIRECTORY_CONTROL : 832A6CA1
17:43:21:965 3988 IRP_MJ_FILE_SYSTEM_CONTROL : 832A6CA1
17:43:21:965 3988 IRP_MJ_DEVICE_CONTROL : 832A6CA1
17:43:21:965 3988 IRP_MJ_INTERNAL_DEVICE_CONTROL : 832A6CA1
17:43:21:965 3988 IRP_MJ_SHUTDOWN : 832A6CA1
17:43:21:965 3988 IRP_MJ_LOCK_CONTROL : 832A6CA1
17:43:21:965 3988 IRP_MJ_CLEANUP : 832A6CA1
17:43:21:965 3988 IRP_MJ_CREATE_MAILSLOT : 832A6CA1
17:43:21:965 3988 IRP_MJ_QUERY_SECURITY : 832A6CA1
17:43:21:965 3988 IRP_MJ_SET_SECURITY : 832A6CA1
17:43:21:965 3988 IRP_MJ_POWER : 832A6CA1
17:43:21:965 3988 IRP_MJ_SYSTEM_CONTROL : 832A6CA1
17:43:21:965 3988 IRP_MJ_DEVICE_CHANGE : 832A6CA1
17:43:21:965 3988 IRP_MJ_QUERY_QUOTA : 832A6CA1
17:43:21:965 3988 IRP_MJ_SET_QUOTA : 832A6CA1
17:43:21:965 3988 Driver "atapi" infected by TDSS rootkit!
17:43:21:965 3988 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
17:43:21:965 3988 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 17:43:21:965 3988 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
17:43:21:965 3988 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
17:43:22:425 3988 vfvi6
17:43:22:666 3988 !dsvbh1
17:43:26:842 3988 dsvbh2
17:43:27:012 3988 fdfb2
17:43:27:012 3988 Backup copy found, using it..
17:43:27:332 3988 will be cured on next reboot
17:43:27:332 3988 Reboot required for cure complete..
17:43:27:372 3988 Cure on reboot scheduled successfully
17:43:27:372 3988
17:43:27:372 3988 Completed
17:43:27:372 3988
17:43:27:372 3988 Results:
17:43:27:372 3988 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
17:43:27:372 3988 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:43:27:372 3988 File objects infected / cured / cured on reboot: 1 / 0 / 1
17:43:27:372 3988
17:43:27:372 3988 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
17:43:27:372 3988 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
17:43:27:372 3988 UnloadDriverW: NtUnloadDriver error 1
17:43:27:372 3988 KLMD(ARK) unloaded successfully

ken545
2010-04-08, 13:46
Yep, it was infected but has been fixed.

Lets check for left over entries if there are any


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please

elnino550
2010-04-08, 15:45
Alright Ken, looking better

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-04-08 06:40:08 AM
mbam-log-2010-04-08 (06-40-08).txt

Scan type: Quick scan
Objects scanned: 125484
Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Desktop\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.



C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

--
End of file - 7045 bytes

elnino550
2010-04-08, 15:49
Oops, this is the complete HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:48:20 AM, on 2010-04-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\TEMP\vdmpyel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

--
End of file - 7045 bytes

ken545
2010-04-08, 19:13
Hi,

Boot to Safemode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)



C:\WINDOWS\TEMP<-- Delete everything in the Temp Folder but not the temp folder itself.


Boot back to normal windows and post a new HJT log please and let me know how things are running now ?

elnino550
2010-04-09, 02:04
Things are running smoothly Ken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:59:40 PM, on 2010-04-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

--
End of file - 7001 bytes


If you have the time, what did we delete in the Temp folder? Also, can you recommend a good way to free up disk space/memory besides the system tools option?

ken545
2010-04-09, 02:14
Hi,

There was a unquestionable file in the temp folder, legit programs do not run out of a temp folder, but its back.



You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

C:\WINDOWS\TEMP\vdmpyel.exe

If the site is busy you can try this one

http://virusscan.jotti.org/en

elnino550
2010-04-09, 02:26
Ken,

My system is already configured to display hidden files and folders and was the last time you requested it as well.

The file you asked me to submit for analysis "was not found" and apparently does not exist.

Also, the temp files we deleted in safe-mode appear to be present in normal mode (as I saw when looking for the file you requested to submit to virus total.)


Agh! Im sure we have shared frustration....

ken545
2010-04-09, 02:58
The reason for removing files in Safemode is that most times trying to remove them in normal windows will fail.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O4 - HKUS\S-1-5-18\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe (User 'Default user')


Reboot and let me know how things are running now ?

elnino550
2010-04-14, 00:56
Late response again, sorry Ken

My machine is running smoothly after I fixed the checked items you requested and no more Google re-directs.

Thank you for your time as always - anything else?

ken545
2010-04-14, 01:14
Great,

How about running RSIT and posting new logs and lets make sure its all gone

elnino550
2010-04-15, 15:27
Here ya are,

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matt 1 at 2010-04-15 06:27:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (29%) free of 57 GB
Total RAM: 511 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:28:31 AM, on 2010-04-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt 1\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Matt 1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [StartAutomator] C:\WINDOWS\TEMP\vdmpyel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPY-BO~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

--
End of file - 6910 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPY-BO~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-03-16 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-16 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2003-04-15 258048]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-09-24 4861952]
"nwiz"=nwiz.exe /installquiet []
"SigmaTel StacMon"=C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe [2003-08-03 86073]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-01-02 172032]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-04-18 88363]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-05-30 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-05-30 614400]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-21 126976]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-07-18 73728]
"TFncKy"=TFncKy.exe []
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2003-09-25 278528]
"Pinger"=C:\TOSHIBA\IVP\ISM\pinger.exe [2005-03-17 151552]
"PRONoMgr.exe"=c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-04-09 185784]
"wrna3ls"=C:\Program Files\rnamfler\naomf.exe [2006-04-01 1253448]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"StartAutomator"=C:\WINDOWS\TEMP\vdmpyel.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\Ivp\NetInt\netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Ubi Soft\Chessmaster 9000\Chessmaster.exe"="C:\Program Files\Ubi Soft\Chessmaster 9000\Chessmaster.exe:*:Enabled:Chessmaster 9000"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\1171828283\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1171828283\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\AIM7\aim.exe"="C:\Program Files\AIM7\aim.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\Matt 1\Desktop\utorrent.exe"="C:\Documents and Settings\Matt 1\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-08 06:29:27 ----AC---- C:\mbam-error.txt
2010-04-07 17:43:20 ----AC---- C:\TDSSKiller.2.2.8.1_07.04.2010_17.43.20_log.txt
2010-04-01 08:42:21 ----A---- C:\WINDOWS\system32\spwindrfc1.exe
2010-04-01 08:42:17 ----A---- C:\WINDOWS\system32\pscdrvn.exe
2010-03-23 22:28:00 ----DC---- C:\rsit
2010-03-23 07:17:39 ----SDC---- C:\Combo-Fix
2010-03-16 20:44:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-16 20:43:42 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-16 20:43:42 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-16 20:43:42 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-04-15 06:27:28 ----D---- C:\WINDOWS\Prefetch
2010-04-14 20:01:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-09 06:18:58 ----D---- C:\WINDOWS\temp
2010-04-09 06:17:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-08 16:53:05 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-04-08 06:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2010-04-08 06:42:59 ----D---- C:\WINDOWS\system32\drivers
2010-04-08 06:29:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-04 05:44:02 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 08:42:21 ----AD---- C:\WINDOWS\system32
2010-03-30 17:27:54 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2010-03-30 17:27:54 ----AD---- C:\Program Files
2010-03-27 19:31:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-26 12:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB828741$
2010-03-23 21:48:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-23 07:26:28 ----AD---- C:\WINDOWS
2010-03-23 07:19:31 ----RHD---- C:\Program Files\rnamfler
2010-03-23 07:19:30 ----DC---- C:\Qoobox
2010-03-16 21:05:12 ----DC---- C:\Config.Msi
2010-03-16 21:04:31 ----SHD---- C:\WINDOWS\Installer
2010-03-16 21:02:20 ----D---- C:\Program Files\Java
2010-03-16 20:45:05 ----D---- C:\Program Files\Common Files\Java
2010-03-16 20:43:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-16 20:13:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-11-26 4224]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-06-09 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-10-19 8413]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-06-08 14037]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-09-15 11258]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-09-24 1370764]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2003-07-17 230416]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-05-30 271728]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-14 25888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-02 1646720]
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-26 821856]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-11-26 27776]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-12-20 1164576]
S3 AR5211;Atheros AR5001 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2003-08-28 323296]
S3 catchme;catchme; \??\C:\DOCUME~1\MATT1~1\LOCALS~1\Temp\catchme.sys []
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\MATT1~1\LOCALS~1\Temp\ewdmaudn.sys []
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM); C:\WINDOWS\system32\DRIVERS\mausbft.sys [2007-11-13 132096]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 15143]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-04-19 14464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-03-27 2379776]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-11-26 49664]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2003-12-02 28672]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-16 153376]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-09-24 77824]
R2 RdnaoFlSvc;RdnaoFlSvc; C:\Program Files\rnamfler\naofsvc.exe [2006-04-01 55296]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-12-16 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-12-16 311363]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe [2004-05-13 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-11-26 418816]
S2 FastTrackInstallerService;M-Audio Fast Track Installer; C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

ken545
2010-04-15, 15:58
Lets just fix this

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Registry::




Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartAutomator"=-


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.